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(54) Personal authentication system 

(57) An authentication system includes a computer 
1 , an input means 3, a fingerprint database 4, a display 
device 1 0, an adapter circuit 1 1 , and a fingerprint collat- 
ing device 12. The input means 3 includes a keyboard 8 
and a fingerprint sensor 9. The fingerprint sensor 9 is 
integrated into the keyboard 8. The authentication sys- 

1 COMPUrER 



tem allcws a user to perform predetermined operation 
to the computer 1 , only when fingerprint information of 
the user detected by the fingerprint collating device 12 
is coincident with fingerprint Information registered in 
the fingerprint database 4. 
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Description 

BACKGROUND OF THE INVENTION: 

Field of the Invention s 

[(HWI ] This invention relates to a personal authentica- 
tion system and, in particular, to a personal authentica- 
tion system which performs the personal authentication 
by identifying a user's fingerprint. 10 

Description of the Related Art 

[0002] In the past, a fingerprint reading system has 
been disclosed in Japanese Laid-Open Publication No. is 
HI -154295 (namely, 154295/1989). The system has a 
relatively large device, for exanple, an ATM(automatic 
teller machine) or an ECR (electronic cash register). In 
the system, a fingerprint reading head is arranged on a 
top surface of a key which performs a specific function so 
determined in the ATM in response to being pushed. 
The system extracts a user's fingerprint from the top 
surface of the key to authenticate the user when he 
pushes the key in question by one of his fingers. 
[0003] Other conventional personal authentication 25 
systems authenticate a user by checking a password 
supplied by the user, when the user logs in a computer 
system or an application. 

[0<M)4] However, each of these conventional systems 
has problems. In tiie former system, an input device so 
tends to be large in size if a fingerprint reading system 
is integrated into the input device, such as a keyboard 
used in a personal computer system because it has 
never been considered that the fingerprint reading sys- 
tem is used in a small-sized input device. 3S 
[00)5] On the other hand, in ttie later systems, the 
password can be easily stolen by peeping into a screen 
on which the password is supplied, or easily inferred 
from the user's birthday etc. As a result, the systems are 
apt to be undesirably or illegally utilized by people other 40 
than the user 

SUMMARY OF THE INVENTION: 

[0(HJ6] Therefore, it is an object of the invention to pro- 45 
vide a personal authentication system which includes a 
small-sized input device. 

[CHMT] It is another object of the invention to provide a 
personal autiientication system which can prevent use 
of the system by other peqsle. so 
[(KM)8] According to an embodiment of tiie invention, 
a personal autiientication system including cortputer for 
use in authenticating a user is provided. The system 
comprises an input means by which ttie user input an 
instruction to the conputer, a firvgerprint sensor which ss 
detects fingerprint information of the user when the user 
touches the sensor by the user's finger, a storage 
means which is connected to the cortputer and regis- 
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ters fingerprint information of users in advance, and a 
collating means which is connected to the computer and 
collates the fingerprint information detected by the fin- 
gerprint sensor with the fingerprint information regis- 
tered in the storage means. 

[0009] Further the system allows the user to have pre- 
determined operation performed by the computer, when 
it is determined that ttie detected fingerprint information 
is coincident with the registered fingerprint information 
by the collating means. 

BRIEF DESCRIPTION OF THE DRAWINGS : 

[0010] 

Fig. 1 shows a block diagram of a personal authen- 
tication system according to a first embodiment of 
the invention; 

Fig. 2 schematically shown a keyboard and a fin- 
gerprint sensor of the personal authentication sys- 
tem shown in Fig. 1 ; 

Rg. 3 shows a flow chart representing log on cper- 
ation of the personal authentication system shown 
in Fig. 1 ; 

Rg. 4 shows a flow chart representing data 
encrypting operation of the personal authentication 
system shown in Rg. 1 ; 

Rg. 5 shows a flow chart representing data decod- 
ing operation of the personal authentication system 
shown in Fig. 1 ; 

Rg. 6 shows a flow chart representing data signing 
operation of the personal authentication system 
shown in Fig. 1 ; 

Rg. 7 shows a flow chart representing signature 
verification operation of the personal authentication 
system shown in Rg. 1 ; ard 
Rg. 8 shows a Wock diagram of a personal authen- 
tication system according to a second embodiment 
of the invention. 

DESCRIPTION OF THE PREFERRED EMBODIMENT : 

[001 1 ] Fig. 1 shows a first embodiment of a personal 
authentication system of the invention. As shown in Fig. 
1 , the personal authentication system includes a com- 
puter 1, an input device 3 connected to tiie computer 1 
via an interface 2, arxi a fingerprint database 4 con- 
nected to the computer 1 . The computer 1 includes an 
application software 5, middle-ware 6 which communi- 
cates with the application software 5, and a driver soft- 
ware 7 which communicates with the middle-ware 6. 
[001 2] The input device 3 includes a keyboard 8, a fin- 
gerprint sensor 9, a di^lay d»ice 1 0, a fingerprint col- 
lating device 12, and an adapter circuit 11 which is 
connected to these elements 8 - 1 0, 1 2. The adapter cir- 
cuit 1 1 is also connected to tiie computer 1 via the inter- 
face 2. 

[0013] The computer 1 may be, for example, a per- 
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sonal (X)rtputer (PC), a workstation (WS), a server com- 
puter, or a super computer. The application software 5 
realizes a plurality of operations, such as a log-on oper- 
ation to the corrputer 1 , an operation of encrypting data, 
an operation of decoding data, an operation of signing 
data, and an operation of verifying a signature. 
[0014] The middle-ware 6 comprises capabilities of 
authentication result notification and device authentica- 
tion of the keyboard 8. The middle-ware 6 further com- 
prises the capability of personal authentication by 
fingerprint, if the fingerprint collating device 12 has no 
capability of personal authentication. 
[001 5| The interface 2 is structured based on standard 
of device interface such as RS-232C or USB. 
[001 6] While the input device 3 includes the keyboard 
8, the fingerprint sensor 9, the display device 10, the fin- 
gerprint collating device 12, and the adapter circuit 11, 
the display d&iice 1 0 and the fingerprint collating device 
12 may not be included in the input device 8 but may be 
individually and directly connected to the computer 1 . 
[001 7] To detect and collate fingerprint, various Wnds 
of well known conventional methods may be used which 
may be, for example, methods disclosed in Japanese 
Laid-open Piilication Nos. S55-138174 (namely, 
138174/1980) and S56-24675 (namely, 24675/1981). 
[0018] As shown in Fig. 2, the fingerprint sensor 9 is 
integrated into the input device 3. Responsive to a 
user's operation of touching the fingerprint sensor 9, the 
input device 3 outputs a signal including detected fin- 
gerprint information to the computer 1 . 
[0019] The fingerprint sensor 9 may be composed of 
an optical sensor or a semiconductor sensor. When a 
user's finger touches the fingerprint sensor 9, the sen- 
sor 9 detects fingerprint information, generates a signal 
from the information, and sends the signal to the 
adapter circuit 1 1 . 

[0020] Tlie fingerprint information of users is regis- 
tered in advance in the fingerprint database 4. There- 
fore, the computer 1 can collate the fingerprint detected 
by the fingerprint sensor 9 with the fingerprint registered 
in the fingerprint database 4. If the fingerprints are coin- 
cident with each other, the computer 1 allows the user to 
perform the above operations, for example, log-on or 
encrypting data. 

[0021 ] Flow charts shown in Figs. 3, 4, 5, 6, and 7 are 
related to operations of log-on, encrypting data, decod- 
ing data, signing data, and verifying a signature, respec- 
tively Heranafter, the operations of the invention will be 
described with reference to Figs. 3 through 7. 
[0022] In Fig. 3, at first, it is determined whether a user 
wants to log-on to a system or application at step SI . If 
the user want to log-on. fingerprint input request mes- 
sage is displayed onto the di^lay device 10 at step S2. 
Next, it is determin«i whether or not the sensor 9 
detects the user's fingerprint information at step S3. 
[0023] If the sensor 9 detects the fingerprint informa- 
tion, the process proceeds to step S4 and then it is 
determined whether the detected fingerprint information 



is coincident with the fingerprint information registered 
in the fingerprint database 4. 
[0024] If the detected fingerprint information is coinci- 
dent with the registered fingerprint information, the user 
5 is allowed to log-on to tiie computer 1 at step S5. Other- 
wise, the user is prohibited from using the computer 1 at 
stepSe. 

[0025] In Fig. 4, at first, it is determined whether <x not 
a user wants to encrypt data at step S11 . If the user 

10 wants to encrypt the data, fingerprint input request mes- 
sage is displayed onto the display device 10 at step 
SI 2. Next, it is determined wither the sensor 9 detects 
the user's fingerprint information at step SI 3. 
[0026] If the sensor 9 detects the fingerprint informa- 

75 tion, the process proceKis to step SI 4 and then it is 
determined whether the detected fingerprint information 
is coincident with the fingerprint information registered 
in the fingerprint database 4. 
[0027] If the detected fingerprint information is coinci- 

20 dent with the registered fingerprint information, the user 
is allowed to encrypt the data, at step SI 5, using a key 
assigned to the user (each user having a key which is 
different from each other and which may be stored in the 
fingerprint database 4). Othera/ise, the user is prohib- 

25 ited from encrypting the data at step S1 6. 

[0028] In Fig. 5, at first, it is determined whetiier a user 
want to decode data at step S21 . If ttie user wants to 
decode the data, fingerprint input request message is 
displayed onto the display device 10 at step S22. Next, 

30 it is determined whether the sensor 9 detects the user's 
fingerprint information at step S23. 
[0029] If the sensor 9 detects the fingerprint informa- 
tion, the process proceeds to step S24 and then it is 
determined whether the detected fingerprint information 

35 is coincident with the fingerprint information registered 
in the fingerprint database 4. 
[0030] If the detected fingerprint information is coinci- 
dent with the registered fingerprint information, the user 
is allowed to decode the data using a key assigned to 

40 the user at step S25. Othenwise, the user is prohibited 
from decoding the data at step S26. 
[0031 ] In Fig. 6, at first, it is determined whether a use 
wants to sign data at step S31 . If the user want to sign 
the data, fingerprint input request message is displayed 

45 onto the display device 1 0 at step S32. Next, it is deter- 
mined whether the sensor 9 detects the user's finger- 
print information at step S33. 
[0032] If the sensor 9 detects the fingerprint informa- 
tion, the process proceeds to st^ S34 and then it is 

50 determined whether the detected fingerprint information 
is coincident with the fingerprint information registered 
in the fingerprint database 4. 
[0033] If the detected fingerprint information is coinci- 
dent with tiie register fingerprint information, the user is 

55 allowed to sign the data using a key assigned to the 
user at step S35. Othenwise, the user is prohibited from 
signing the data at step S36. 

[0034] In Fig. 7, at first, it is determined whether a user 



3 



5 

want to verify a signature at step S41 . If tlie user want to 
verify the signature, fingerprint input request message 
is displayed onto the display device 10 at st^ S42. 
Next, it is determined whether the sensor 9 detects the 
user's fingerprint information at step S43. 5 
[0035] If the sensor 9 detects the fingerprint informa- 
tion, the process proceeds to st^ S44 and then it is 
determined whether the detected fingerprint information 
is coincident with the fingerprint information registered 
in the fingerprint database 4. 10 
[0036] If the detected fingerprint information is coinci- 
dent with the registered fingerprint information, the user 
is allowed to vmliy the signature using a key assigned to 
the user at step S45. Otherwise, the user is prohibited 
from verifying the signature at step S46. is 
[0037] Next, description of a second embodiment of 
the invention will be made with reference to Fig. 8. Fig. 
8 shows a block diagram of a second ertt>odiment of the 
personal authentication system of the invention. The 
system shown in Fig. 8 includes a server computer 13, 20 
which is connected to a plurality of client computers 14, 
a fingerprint database 18, a fingerprint collating device 

19, and a personal database 20. 

[0038] Each client computer 14 includes a keyboard 
1 5, a fingerprint sensor 1 6 integrated into the keyboard 25 
1 5, and a display device 1 7. The fingerprint database 1 8 
stores a plurality of fingerprint information of users in 
advance. Fingerprint information of the user who is 
allowed to use the system is stored in the database 18. 
[0039] The fingerprint collating dwice 1 9 collates fin- so 
gerprint information detected by the fingerprint sensor 
16 with the fingerprint information stored in the finger- 
print database 18. The pereonal database 20 includes a 
plurality of personal data of users. 
[0040] The second embodiment of the invention is the 3S 
same as the first embodiment of the invention shown in 
Figs. 1 through 7, except that the second embodiment 
includes a plurality of client computers 14, keyboards 
15, and display devices 16 and the personal database 

20. 40 
[0041] In the second en*odiment of the invention, 
when the fingerprint collating device 1 9 collates the fin- 
gerprint information of a user detected by the fingerprint 
sensor 16 with the fingerprint information registered in 
the fingerprint database 18 and determines that the 45 
detected fingerprint information is identical with the reg- 
istered fingerprint information, tiie server computer 13 
sends the personal data corresponding to the user in 
the personal database 20 to ttie client computer 14 
incoming tiie fingerprint information. so 
[0042] As stated above, a personal autfientication sys- 
tem of the invention has a small-sized input device 
because of the integration of a fingerprint sensor into a 
keyboard. Further, tiie system is not able to be used by 
other people because of personal authentication using ss 
fingerprint. 
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Claims 

1 . A personal authentication system including a com- 
puter (1) for use in authenticating a user, compris- 
ing: 

an irput means (8) by which tiie user inputs an 
instruction to the computer (1); 
a fingerprint sensor (9) which detects finger- 
print information of the user when the user 
touches the sensor (9) by his finger; 
a storage means (4) which is connected to the 
computer (1) and registers fingerprint informa- 
tion of users in advance; and 
a collating means (12) which is connected to 
the computer (1) and collates the fingerprint 
information detected by tiie fingerprint sensor 
(9) with the fingerprint information registered in 
the storage means (4), ard 
when it is determined tiiat tiie detected finger- 
print information is coincident with the regis- 
tered fingerprint information by the collating 
means (12), the conputer (1) allows the user to 
perform predetermined operation on the com- 
puter (1). 

2. The system of claim 1 , further comprising: 

a display means (10) which is connected to the 
computer (1) and displays fingerprint input 
request message to the user. 

3. The systan of daim 1 , wherein tiie fingerprint sen- 
sor (9) is integrated into the input means (8). 

4. The system of claim 1, wherein the predetermined 
operation to the computer (1) is one of operations 
including log-on operation to tiie computer (1), 
encrypting data by using a key assigned to the user, 
decoding data by using a key assigned to the user, 
signing data by using a key assigned to the user, 
and verifying signature by using a key assigned to 
tiie user 

5. A personal authentication system, for use in 
authenticating a user, including a server computer 
(13) and a plurality of client computers (14), each 
client conputer (14) comprising: 

an input means (15) by which tiie user inputs 
an instruction to the client corrputer (14) or tiie 
server computer (13); and 
a fingerprint sensor (16) which detects finger- 
print information of the user when he touches 
the sensor (16) by his finger, 
and the server computer (13) comprising: 

a storage means (18) which registers fin- 
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gerprint information of users in advance; 
and 

a collating means (19) which collates the 
fingerprint information detected by the fin- 
gerprint sensor (16) with the fingerprint s 
information registered in the storage 
means (18). 

6. The system of claim 5, wherein the sever computer 

(13) further comprises a second storage means io 
(20) which stores personal information of users, 

and when it is determined that the detected 
fingerprint information is coincident with the rois- 
tered fingerprint by the collating means (19), the 
server conputer (13) supplies the client computer is 

(14) which the fingerprint information is detected 
with the personal information corresponding to the 
user in the second storage means (20). 

7. A method of authenticating a user of a computer, so 
comprising the steps of: 

registering fingerprint information of users in 
advance; 

detecting the fingerprint information when the ss 
user touches the fingerprint sensor by his fin- 
ger; 

collating the detected fingerprint information 
with the registered fingerprint information; arxJ 
allowing the user to perform predetermined 30 
operation with the computer, when it is deter- 
mined that the detected fingerprint information 
is coincident with the registered fingerprint 
information. 

35 

8. A computer readable medium which stores a pro- 
gram cperaWe for authenticating a user of a compu- 
ter, comprising the steps of: 

registering fingerprint information of users in -to 
advance; 

detecting the fingerprint information when the 
user touches the fingerprint sensor by his fin- 
ger; 

collating the detected fingerprint information 45 
with the registered fingerprint information; and 
allowing the user to perform predetermined 
operation with the conputer, when it is deter- 
mined that the detected fingerprint information 
is in coincident witti the registered fingerprint so 
information. 



5 



EP 0 923 018 A2 



> 

Q 



<M 


o 


7 


7 








ill 






|3. 







lo 



1£ 



CD 

UL 



6 



EP 0 923 018 A2 



9 




FIG. 2 



EP 0 923 018 A2 



SI 

NO 



DISPLAY FINGERPRINT 
INPUT REQUEST 



DETECT FINGERPRINT 

INFORMATION 
BY THE FIN<^RPRI^^■ 
SENSOR? 

DETECTED RNGEFPRINT 
IhrORMATION = 

rngefprint information 
in the database? 

[yes 



LOG ON TO THE COMPUTER 



S6 



PROHIBIT FROM LOG 
ON TO THE COMPUTER 



FIG. 3 



EP 0 923 018 A2 



( START ) 









<;ii 


/ ENCRYPT DATA? Y^^- 



DISPLAY FINGERPRINT 
INPUT REQUEST 



DETECT FINGERPRINT 

ir^ORMATfON 
BY THE FINGERPRINT 
SENSOR? 

I YES 

DETECTED FINGERPRINT 
INFORMATION = 
FINGERPRINT INFORMATION 
IN THE DATABASE? 

Tyes 



ENCRYPT DATA USING 
A KEY ASSIGNED 
TO THE USER 



SI 6 



PROHIBIT FROM 
ENCRYPTING THE DATA 



FIG. 4 



EP 0 923 018 A2 









<»1 


( DECODE DATA? 



DISPLAY FINGERPRINT 
INPUT REQUEST 



DETECT FINGERPRINT 

INFORMATION 
BY THE FIN^RPRINT 
SENSOR? 

DETECTED FINGERPRINT 
INFORMATION = 
FINGERPRINT INFORMATION 
IN THE DATABASE? 

Tyes 



DECODE DATA USING 
A KEY ASSIGNED 
TO THE USER 



S26 



PROHIBIT FROM 
DECODING THE DATA 



FIG. 5 



10 



EP 0 923 018 A2 



S31 

\ no 



DISPLAY FINGERPRINT 
INPUT REQUEST 



DETECT FINGERPRINT 

INFORMATION 
BY THE FINGERPRINT 
SENSOR? 

DETECTED FINGERPRINT 
INFORMATION = 
FINGERPRINT INFORMATION 
IN THE DATABASE? 



SIGNING THE DATA USING 
A KEY ASSIGNED 
TO THE USER 



S36 

_L_ 



PROHIBIT FROM 
SIGNING THE DATA 



FIG. 6 

11 



EP 0 923 018 A2 



VERIFY SIGNATURE? 



DISPLAY FINGERPRINT 
INPUT REQUEST 



DETECT FINGERPRINT , ^.^ 
INFORMATION \N0 
BY THE FINGERPRIMT 
SENSOR? 

Tyes 



DETECTED RNGERPRINT 
INFORMATION = 
FINGERPRINT HMFORMATION 
IN THE DATABASE? 



YES 



VERIFY THE SIGNATURE 
USING A KEY ASSIGNED 
TO THE USER 



S46 



PROHIBIT 
FROM VERIFYING 
THE SIGNATURE 



FIG. 7 

12 



EP 0 923 018 A2 




00 



^ Li. 



13 



